Trojan.Win32.AntiAV.tqq (Kaspersky), Trojan.NSIS.StartPage.FD, Virus.Win32.Sality.FD, Virus.Win32.Sality.2.FD, VirusSality.YR, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)Behaviour: Trojan, Worm, Virus, WormAutorun
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: db4247176946e6fc890f63890c50ed2b
SHA1: c428724fdf18daae413e766fa44d699385e794da
SHA256: 1d975f6f1bed02a740bd0c63cc5054af7ba04a97af6ea715783664031002c6c8
SSDeep: 6144:PWv0aKdhqOtT6jjao2JU9qG97XeLjcFc8f2mtivD3b2hyLuhnp6A60gHG31kdjFr:jxdkOcKy5YaemYmh8uh1bgm31kdjFv5d
Size: 357213 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:46
Analyzed on: WindowsXP SP3 32-bit
Summary: Virus. A program that recursively replicates a possibly evolved copy of itself.
Dynamic Analysis
Payload
| Behaviour | Description |
|---|---|
| WormAutorun | A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer. |
Process activity
The Virus creates the following process(es):
%original file name%.exe:1124
The Virus injects its code into the following process(es):
Au_.exe:420
File activity
The process Au_.exe:420 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cyelgy.exe (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gcld.exe (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000A4739_rar\Au_.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winlxyp.exe (849 bytes)
\\XP1\PIPE\srvsvc (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winnblum.exe (15019 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winmuob.exe (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr4.tmp (1568 bytes)
\\XP7\PIPE\srvsvc (72 bytes)
%System%\drivers\qjohs.sys (5 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\thhps.exe (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winupkqv.exe (1 bytes)
\\XP4\PIPE\srvsvc (72 bytes)
The Virus deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\cyelgy.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000A3651_rar\%original file name%.exe (0 bytes)
%WinDir%\a41cb (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000A4739_rar\Au_.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winlxyp.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gcld.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winnblum.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winmuob.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000A3651_rar (0 bytes)
%System%\drivers\qjohs.sys (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\thhps.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winupkqv.exe (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsw3.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000A4739_rar (0 bytes)
The process %original file name%.exe:1124 makes changes in the file system.
The Virus creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~nsu.tmp\Au_.exe (2105 bytes)
%WinDir%\system.ini (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wincrmo.exe (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000A3651_rar\%original file name%.exe (2105 bytes)
The Virus deletes the following file(s):
%WinDir%\a35c5 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wincrmo.exe (0 bytes)
Registry activity
The process Au_.exe:420 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKCU\Software\Stvncyfrlda]
"m2_8" = "997420773"
"m2_9" = "2732719960"
"m2_2" = "3470576471"
"m2_3" = "910908362"
"m2_0" = "5517"
"m2_1" = "1735293664"
"m2_6" = "1821804803"
"m2_7" = "3557105270"
"m2_4" = "2646190137"
"m2_5" = "86522028"
"m4_222" = "2982453382"
"m1_151" = "2332094709"
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKCU\Software\Stvncyfrlda]
"m1_78" = "496890157"
"m4_226" = "1333681722"
"m4_227" = "3068972455"
"m4_224" = "2158067552"
"m1_150" = "424564409"
"m1_73" = "4016171852"
"m1_72" = "669845477"
"m1_71" = "2088517138"
"m1_70" = "2833234694"
"m1_77" = "158145522"
"m1_76" = "466998487"
"m1_75" = "3884680605"
"m1_74" = "2146080585"
"m3_166" = "278866567"
"m3_167" = "2013911602"
"m3_164" = "1136397309"
"m2_98" = "2554772804"
"m1_144" = "1798187162"
"m3_163" = "3662911566"
"m3_160" = "2751909385"
"m3_161" = "225933732"
"m1_155" = "211473041"
"m4_208" = "163219600"
"m3_168" = "3782899105"
"m1_154" = "746584864"
[HKCU\Software\Stvncyfrlda\168128873]
"-737866757" = "58885256CEB138BF289B3FE61C5E671D2E4D94225C4FBCE4F0DE94D4B7C6392939AA4886E4653CEE7B60948B66308353C8BBD5AE9DDF9D8811FEE480E8441E72BE888FD57C7DF806E086A0E5DB748F0253CF7C7D80F1B655BBDC36A6B023154295785206CD56E65771B4CF0086E88C785CF8C0E79612D1A27360920106C8FD553BA45DC6F2A1000AB402F36DBF857C1185A98D2E85109D9FD5DA5D9DAC6CF78DD42468E6AAA565B58EBD7520B7BC8A2F1C00B75D6B842D36E293F4AF3B51E71EE226DED82E8165CB677EE0EA5BDDA27433B041F67665D554619E5A8CC804F9380D19D04300BC619829CDC374400D9780AF7BBAE5BA38A609F7EDFA8C4C4A9E5B"
[HKCU\Software\Stvncyfrlda]
"m2_147" = "1684663018"
"m1_148" = "462448063"
"m1_149" = "2348482344"
"m1_146" = "2471073169"
"m1_147" = "239319337"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
[HKCU\Software\Stvncyfrlda]
"m1_145" = "297981414"
"m1_142" = "1396584362"
"m1_143" = "4062879374"
"m1_140" = "3046822439"
"m2_107" = "992512885"
"m2_99" = "4290055621"
"m2_148" = "3419960848"
"m4_209" = "1898510333"
"m1_250" = "2733256631"
"m3_255" = "100898746"
"m1_251" = "2329294615"
"m2_210" = "3633791648"
"m3_35" = "622481870"
"m3_34" = "3182011987"
"m3_37" = "4092948712"
"m3_36" = "2323956093"
"m3_31" = "2270958618"
"m3_30" = "535979247"
"m3_33" = "1413429028"
"m3_32" = "3972958089"
"m3_39" = "3234960306"
"m3_38" = "1533534215"
"m1_269" = "4259192743"
"m1_268" = "3498640479"
"m4_0" = "0"
"m4_1" = "1735290733"
"m4_2" = "3470581466"
"m4_3" = "910904903"
"m4_4" = "2646195636"
"m4_5" = "86519073"
"m4_6" = "1821809806"
"m4_7" = "3557100539"
"m4_8" = "997423976"
"m4_9" = "2732714709"
"m2_213" = "249733270"
"m2_212" = "2809423430"
"m2_215" = "3720327489"
"m2_214" = "1985033351"
"m2_217" = "2895930545"
"m2_216" = "1160650456"
"m2_69" = "3770948725"
"m2_68" = "2035647188"
"m4_251" = "1766277087"
"m2_61" = "2773521814"
"m2_60" = "1038225466"
"m2_63" = "1949136233"
"m2_62" = "213838740"
"m2_65" = "1124752575"
"m2_64" = "3684420318"
"m2_67" = "300363776"
"m2_66" = "2860033184"
"m4_204" = "1811991260"
"m1_241" = "3551508523"
"m2_265" = "290540621"
"m2_267" = "3761120591"
"m4_223" = "422776819"
"m1_79" = "2790714074"
"m3_261" = "1922363400"
"m4_205" = "3547281993"
"m3_263" = "1131877074"
"m4_221" = "1247162649"
"m4_129" = "514205165"
"m4_128" = "3073881728"
"m3_267" = "3777846406"
"m3_266" = "2042408299"
"m4_125" = "2162976825"
"m4_124" = "427686092"
"m4_127" = "1338590995"
"m4_126" = "3898267558"
"m4_121" = "3811748485"
"m4_120" = "2076457752"
"m4_123" = "2987362655"
"m4_122" = "1252071922"
"m4_158" = "3592996166"
"m4_159" = "1033319603"
"m2_250" = "30984142"
"m3_249" = "2607352620"
"m3_185" = "3217944556"
"m4_150" = "2595572190"
"m4_151" = "35895627"
"m4_152" = "1771186360"
"m4_153" = "3506477093"
"m4_154" = "946800530"
"m4_155" = "2682091263"
"m4_156" = "122414700"
"m4_157" = "1857705433"
"m2_134" = "600722245"
"m2_135" = "2336021725"
"m4_29" = "3078791001"
"m4_28" = "1343500268"
"m2_130" = "2249490722"
"m2_131" = "3984789978"
"m2_132" = "1425106115"
"m2_133" = "3160406377"
"m4_23" = "1256981195"
"m4_22" = "3816657758"
"m4_21" = "2081367025"
"m4_20" = "346076292"
"m4_27" = "3903176831"
"m4_26" = "2167886098"
"m4_25" = "432595365"
"m4_24" = "2992271928"
"m1_195" = "2643304008"
"m4_229" = "2244586625"
"m3_182" = "2306891095"
"m1_194" = "1457650156"
"m3_247" = "3398363138"
"m3_183" = "4008889538"
"m1_197" = "295356343"
"m3_246" = "1696364695"
"m1_24" = "2112193355"
"m1_25" = "2181166612"
"m1_26" = "2783849177"
"m1_27" = "1144466001"
"m1_20" = "480859198"
"m1_21" = "3559623819"
"m1_22" = "3042679330"
"m1_23" = "1478140349"
"m1_191" = "580673665"
"m3_244" = "2487310797"
"m1_28" = "1162819486"
"m1_29" = "3669763340"
"m3_199" = "1742469010"
"m1_190" = "1943618453"
"m3_122" = "1268937691"
"m3_123" = "3003966326"
"m3_120" = "2059882801"
"m3_121" = "3794911404"
"m3_126" = "3914972559"
"m3_127" = "1321872698"
"m3_124" = "410948325"
"m3_125" = "2179924496"
"m3_128" = "3056917673"
"m3_129" = "530927556"
"m3_165" = "2871966568"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKCU\Software\Stvncyfrlda]
"m3_162" = "1927407827"
"m1_214" = "1896519380"
[HKCU\Software\Stvncyfrlda\168128873]
"86519073" = "73"
[HKCU\Software\Stvncyfrlda]
"m1_99" = "165019942"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D5 40 52 29 67 9F F6 48 83 2A C9 50 48 91 1B 2C"
[HKCU\Software\Stvncyfrlda]
"m1_215" = "2237384134"
"m3_253" = "958887056"
"m1_91" = "2051716867"
"m1_90" = "1029108706"
"m1_93" = "4115819492"
"m1_92" = "4066794608"
"m1_95" = "3262248306"
"m1_94" = "1906517587"
"m1_97" = "35254771"
"m1_96" = "1305171134"
"m2_254" = "2677183293"
"m3_231" = "1436934514"
"m1_202" = "3756439480"
"m1_221" = "3235915646"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Stvncyfrlda]
"m2_257" = "3588082311"
"m1_108" = "3600036583"
"m1_109" = "1361232034"
"m4_201" = "901086357"
"m1_102" = "1006028312"
"m1_103" = "646318433"
"m1_100" = "3722719213"
"m1_101" = "1657642839"
"m1_106" = "1682219155"
"m1_107" = "2574215857"
"m1_104" = "3861228572"
"m1_105" = "71901328"
"m3_3" = "927474798"
"m3_2" = "3487544563"
"m3_1" = "1718420804"
"m3_0" = "17001001"
"m3_7" = "3573965266"
"m3_6" = "1838544551"
"m3_5" = "69945096"
"m3_4" = "2629490589"
"m1_216" = "2713809474"
"m1_217" = "2546009400"
"m3_9" = "2749530364"
"m3_8" = "980422977"
"m1_199" = "3791035262"
"m1_198" = "2090234686"
"m1_210" = "1677293012"
"m1_211" = "1984645151"
"m3_93" = "2451378352"
"m3_92" = "716398853"
"m3_91" = "3309498774"
"m3_90" = "1573930619"
"m3_97" = "836457060"
"m3_96" = "3362431689"
"m3_95" = "1626878810"
"m3_94" = "4220485679"
[HKCU\Software\Stvncyfrlda\168128873]
"1735290733" = "87"
[HKCU\Software\Stvncyfrlda]
"m4_241" = "1593238941"
"m3_99" = "4273372430"
"m2_94" = "4203540783"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"
[HKCU\Software\Stvncyfrlda]
"m3_98" = "2571488659"
"m3_169" = "1189405916"
"m2_251" = "1766270371"
"m2_146" = "4244347200"
"m1_5" = "990974441"
"m1_4" = "2043211597"
"m1_7" = "2820037032"
"m1_6" = "942015960"
"m1_1" = "692605188"
"m1_0" = "1431655765"
"m3_68" = "2018964189"
"m3_69" = "3787940424"
"m3_66" = "2877018163"
"m3_67" = "283394990"
"m3_64" = "3667439977"
"m3_65" = "1107894404"
"m3_62" = "230528591"
"m3_63" = "1965949434"
"m3_60" = "1021409189"
"m3_61" = "2756962000"
"m2_220" = "3806843608"
"m2_221" = "1247160366"
"m2_222" = "2982460088"
"m2_223" = "422780889"
"m2_224" = "2158062088"
"m2_225" = "3893359355"
"m2_226" = "1333674508"
"m2_227" = "3068974377"
"m2_228" = "509290547"
"m2_229" = "2244590124"
"m2_149" = "860276791"
"m3_241" = "1609928628"
"m3_229" = "2227881640"
"m3_228" = "525883197"
"m3_225" = "3909911780"
"m3_224" = "2174883145"
"m3_227" = "3085936526"
"m1_141" = "1482584400"
"m3_221" = "1263885104"
"m3_220" = "3823414149"
"m3_223" = "405824986"
"m3_222" = "2965883567"
"m3_258" = "1011818995"
"m3_259" = "2780418414"
"m2_29" = "3078784361"
"m2_28" = "1343503986"
"m2_253" = "941885326"
"m2_25" = "432600617"
"m2_24" = "2992270466"
"m2_27" = "3903184141"
"m2_26" = "2167896592"
"m2_21" = "2081373437"
"m2_20" = "346071270"
"m2_23" = "1256986431"
"m2_22" = "3816666772"
"m3_240" = "4136311833"
"m4_244" = "2504143844"
"m1_209" = "154513840"
"m1_258" = "2888189151"
"m4_220" = "3806839212"
"m4_270" = "377062646"
"m2_169" = "1206361665"
"m2_168" = "3766028227"
"m2_252" = "3501569404"
[HKCU\Software\Stvncyfrlda\168128873]
"-1648771660" = "30"
[HKCU\Software\Stvncyfrlda]
"m2_163" = "3679512769"
"m2_162" = "1944228341"
"m2_161" = "208928859"
"m2_160" = "2768617248"
"m2_167" = "2030741223"
"m2_166" = "295459658"
"m2_165" = "2855127158"
"m2_164" = "1119844508"
"m4_114" = "254647946"
"m4_115" = "1989938679"
"m4_116" = "3725229412"
"m4_117" = "1165552849"
"m4_110" = "1903419606"
"m4_111" = "3638710339"
"m4_112" = "1079033776"
"m4_113" = "2814324509"
"m4_118" = "2900843582"
"m4_119" = "341167019"
"m4_74" = "3857462658"
"m4_75" = "1297786095"
"m4_76" = "3033076828"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m4_70" = "1211267022"
"m4_71" = "2946557755"
"m4_72" = "386881192"
"m4_73" = "2122171925"
"m4_78" = "2208690998"
"m4_79" = "3943981731"
"m4_246" = "1679758014"
"m2_270" = "377065937"
"m4_228" = "509295892"
"m4_189" = "1552434041"
"m4_188" = "4112110604"
"m4_187" = "2376819871"
"m4_186" = "641529138"
"m4_185" = "3201205701"
"m4_184" = "1465914968"
"m4_183" = "4025591531"
"m4_182" = "2290300798"
"m4_181" = "555010065"
"m4_180" = "3114686628"
"m1_213" = "3085980930"
"m1_3" = "553799287"
"m1_2" = "2322242303"
"m4_247" = "3415048747"
"m2_90" = "1557347139"
"m2_91" = "3292629698"
"m2_92" = "732959114"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Stvncyfrlda]
"m1_68" = "1969928109"
"m1_69" = "7623848"
"m4_237" = "3242010601"
"m2_93" = "2468241613"
"m4_231" = "1420200795"
"m4_230" = "3979877358"
"m4_233" = "595814965"
"m4_232" = "3155491528"
"m1_60" = "3058324726"
"m1_62" = "185503965"
"m1_63" = "3055034906"
"m1_64" = "1713976635"
"m1_65" = "4148594982"
"m1_66" = "3018234535"
"m1_67" = "1682329809"
"m3_179" = "1395950366"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m1_259" = "42701422"
"m2_96" = "3379157030"
"m3_130" = "2266496883"
"m3_171" = "398919654"
"m3_170" = "2924909643"
"m3_173" = "3835831936"
"m2_97" = "819470841"
"m3_175" = "3044884906"
"m3_174" = "1275909695"
"m3_177" = "2186829940"
"m3_176" = "451932377"
"m4_268" = "1201448476"
"m4_249" = "2590662917"
"m4_235" = "4066396431"
"m1_152" = "511124959"
"m2_259" = "2763693709"
"m1_267" = "2118737906"
"m1_266" = "2523103868"
"m1_252" = "2710939155"
"m1_265" = "1163045739"
"m3_22" = "3799972215"
"m3_23" = "1273981154"
"m3_20" = "363060909"
"m3_21" = "2097957336"
"m3_26" = "2150906683"
"m3_27" = "3920013910"
"m3_24" = "3008960529"
"m3_25" = "415992716"
"m1_159" = "3139067661"
"m1_158" = "3306937149"
"m3_28" = "1360479685"
"m3_29" = "3061970288"
"m1_256" = "1771816138"
"m1_257" = "2155941656"
"m1_254" = "1905077835"
"m1_255" = "1583084890"
"m2_268" = "1201451930"
"m1_261" = "1403965823"
"m2_264" = "2850224777"
"m1_253" = "664705388"
"m2_266" = "2025836848"
"m1_260" = "2798526981"
"m2_260" = "204027669"
"m2_261" = "1939311170"
"m2_262" = "3674611250"
"m2_263" = "1114923423"
"m2_76" = "3033071995"
"m2_77" = "473406283"
"m2_74" = "3857460694"
"m2_75" = "1297789211"
"m2_72" = "386875799"
"m2_73" = "2122176396"
"m2_70" = "1211262086"
"m2_71" = "2946563951"
"m2_78" = "2208687796"
"m2_79" = "3943985447"
"m3_57" = "110470508"
"m3_56" = "2703963633"
"m3_55" = "968530498"
"m3_54" = "3494439639"
"m3_53" = "1759411128"
"m3_52" = "57526285"
"m3_51" = "2583910558"
"m3_50" = "848472419"
"m3_59" = "3614491702"
"m3_58" = "1845908635"
"m2_219" = "2071545430"
"m2_218" = "336263342"
"m1_156" = "1533929191"
"m3_214" = "2001882935"
"m3_215" = "3703373474"
"m3_216" = "1143826897"
"m3_217" = "2912885068"
"m3_210" = "3650358595"
"m3_211" = "1090960638"
"m3_212" = "2792828013"
"m3_213" = "266461080"
"m4_267" = "3761125039"
"m3_218" = "352946427"
"m3_219" = "2054830102"
"m2_127" = "1338594359"
"m4_149" = "860281457"
"m4_148" = "3419958020"
"m3_226" = "1316828179"
"m2_126" = "3898265228"
"m4_143" = "3333438947"
"m4_142" = "1598148214"
"m4_141" = "4157824777"
"m4_140" = "2422534044"
"m4_147" = "1684667287"
"m4_146" = "4244343850"
"m4_145" = "2509053117"
"m4_144" = "773762384"
"m4_38" = "1516538414"
"m4_39" = "3251829147"
"m2_125" = "2162978893"
"m2_124" = "427682167"
"m2_123" = "2987367843"
"m2_122" = "1252066758"
"m2_121" = "3811750321"
"m2_120" = "2076451886"
"m4_30" = "519114438"
"m4_31" = "2254405171"
"m4_32" = "3989695904"
"m4_33" = "1430019341"
"m4_34" = "3165310074"
"m4_35" = "605633511"
"m4_36" = "2340924244"
"m4_37" = "4076214977"
"m2_192" = "2463334916"
"m2_193" = "4198637213"
"m2_190" = "3287721999"
"m2_191" = "728053808"
"m2_196" = "814569214"
"m2_197" = "2549852057"
"m2_194" = "1638946128"
"m2_195" = "3374249723"
[HKCU\Software\Stvncyfrlda\168128873]
"-824385830" = "0"
[HKCU\Software\Stvncyfrlda]
"m2_198" = "4285151764"
"m2_199" = "1725468911"
"m4_269" = "2936739209"
"m1_11" = "31487998"
"m1_10" = "3127516927"
"m1_13" = "3959391552"
"m1_12" = "1954038609"
"m1_15" = "481741629"
"m1_14" = "628379951"
"m1_17" = "3003209313"
"m1_16" = "2981283468"
"m1_19" = "1354185793"
"m1_18" = "857169174"
"m3_184" = "1449360497"
"m4_206" = "987605430"
"m1_263" = "656935493"
"m3_135" = "2319427666"
"m3_134" = "583874855"
"m3_137" = "1528482684"
"m3_136" = "4087897025"
"m4_89" = "4117019877"
"m4_88" = "2381729144"
"m3_133" = "3176958344"
"m3_132" = "1441930781"
"m4_85" = "1470824241"
"m4_84" = "4030500804"
"m4_87" = "646438411"
"m4_86" = "3206114974"
"m4_81" = "3119595901"
"m4_80" = "1384305168"
"m4_83" = "2295210071"
"m4_82" = "559919338"
"m3_250" = "14400091"
"m2_269" = "2936735634"
"m2_129" = "514207751"
"m3_251" = "1749308918"
"m2_128" = "3073876868"
"m3_252" = "3518416229"
"m3_268" = "1184877621"
"m1_86" = "2649054191"
"m1_87" = "1925033915"
"m1_84" = "3128572172"
"m1_85" = "3969956330"
"m1_82" = "1814322384"
"m1_83" = "1448494473"
"m1_80" = "1214350173"
"m1_81" = "2229866676"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Stvncyfrlda]
"m3_254" = "2660361231"
"m1_180" = "988587620"
"m1_88" = "956473009"
"m1_89" = "4124865492"
"m3_198" = "4268311655"
"m1_229" = "3352744445"
"m1_228" = "1294492125"
"m3_256" = "1869350697"
"m3_186" = "658480923"
"m3_257" = "3571365444"
"m3_140" = "2439480757"
"m3_141" = "4140840224"
"m3_142" = "1581425759"
"m3_143" = "3350419402"
"m1_119" = "765342999"
"m1_118" = "248882171"
"m3_146" = "4260947459"
"m3_147" = "1701482942"
"m1_115" = "938637217"
"m1_114" = "4216106464"
"m1_117" = "3464095184"
"m1_116" = "975394621"
"m1_111" = "3632489257"
"m1_110" = "1588378220"
"m1_113" = "786271069"
"m1_112" = "1751031529"
"m1_168" = "3866556980"
"m1_169" = "2466883207"
"m1_220" = "542909206"
"m4_219" = "2071548479"
"m1_160" = "2637230312"
"m1_161" = "2733520179"
"m1_162" = "2720784713"
"m1_163" = "2557426206"
"m1_164" = "1214616975"
"m1_165" = "3299963440"
"m1_166" = "3679501328"
"m1_167" = "2878354766"
"m3_80" = "1401010233"
"m3_81" = "3102878548"
"m3_82" = "542956227"
"m3_83" = "2311932542"
"m3_84" = "4047496685"
"m3_85" = "1453954328"
"m3_86" = "3189376183"
"m3_87" = "663008290"
"m3_88" = "2364876625"
"m3_89" = "4100445900"
"m4_215" = "3720320139"
"m4_214" = "1985029406"
"m4_225" = "3893358285"
"m4_194" = "1638953114"
"m1_201" = "1517823662"
"m1_200" = "1611116407"
"m3_19" = "2888904510"
"m3_18" = "1153482627"
"m1_205" = "1297626444"
"m1_204" = "3109505289"
"m1_207" = "2331395230"
"m1_206" = "1297522905"
"m3_13" = "1100530336"
"m3_12" = "3626914613"
"m3_11" = "1891476358"
"m3_10" = "190001259"
"m3_17" = "3746958356"
"m3_16" = "2011536633"
"m3_15" = "243002698"
"m3_14" = "2835971551"
"m2_233" = "595818817"
"m2_232" = "3155484418"
"m2_231" = "1420205099"
"m2_230" = "3979873473"
"m2_237" = "3242016619"
"m2_236" = "1506714440"
"m2_235" = "4066400181"
"m2_234" = "2331102520"
"m2_239" = "2417627471"
"m2_238" = "682331289"
"m2_49" = "3424863984"
"m2_48" = "1689567674"
"m2_47" = "4249249463"
"m2_46" = "2513965233"
"m2_45" = "778669791"
"m2_44" = "3338351236"
"m2_43" = "1603053585"
"m2_42" = "4162736658"
"m2_41" = "2427438881"
"m2_40" = "692154396"
"m2_38" = "1516540042"
"m2_39" = "3251823525"
"m2_32" = "3989700179"
"m2_33" = "1430014817"
"m2_30" = "519121676"
"m2_31" = "2254399646"
"m2_36" = "2340928256"
"m2_37" = "4076210421"
"m2_34" = "3165312108"
"m2_35" = "605629671"
"m2_247" = "3415055350"
[HKCU\Software\Stvncyfrlda\168128873]
"910904903" = "0"
[HKCU\Software\Stvncyfrlda]
"m4_240" = "4152915504"
"m2_158" = "3593001358"
"m2_159" = "1033318228"
"m2_156" = "122417395"
"m2_157" = "1857700181"
"m2_154" = "946803494"
"m2_155" = "2682087236"
"m2_152" = "1771189746"
"m2_153" = "3506474120"
"m2_150" = "2595575218"
"m2_151" = "35891775"
"m4_107" = "992514703"
"m4_106" = "3552191266"
"m4_105" = "1816900533"
"m4_104" = "81609800"
"m4_103" = "2641286363"
"m4_102" = "905995630"
"m4_101" = "3465672193"
"m4_100" = "1730381460"
"m3_131" = "3967839982"
"m4_242" = "3328529674"
"m4_109" = "168128873"
"m4_108" = "2727805436"
"m4_41" = "2427443317"
"m4_40" = "692152584"
"m4_43" = "1603057487"
"m4_42" = "4162734050"
"m4_45" = "778671657"
"m4_44" = "3338348220"
"m4_47" = "4249253123"
"m4_46" = "2513962390"
"m4_49" = "3424867293"
"m4_48" = "1689576560"
"m3_100" = "1713433789"
"m1_264" = "4076257590"
"m3_245" = "4256418168"
"m3_139" = "703982086"
"m3_138" = "3230366443"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKCU\Software\Stvncyfrlda]
"m4_250" = "30986354"
"m4_266" = "2025834306"
"m1_55" = "869080572"
"m1_54" = "936325280"
"m1_57" = "2127420660"
"m1_56" = "2209700707"
"m1_51" = "2330347000"
"m1_50" = "2958820596"
"m1_53" = "1723007679"
"m1_52" = "2581220447"
"m1_59" = "1154213488"
"m1_58" = "4066474636"
"m2_241" = "1593245513"
"m3_108" = "2744413141"
"m3_109" = "184949568"
"m3_104" = "98446945"
"m3_105" = "1833490844"
"m3_106" = "3535358219"
"m3_107" = "975960230"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m3_101" = "3482491944"
"m3_102" = "922947399"
"m3_103" = "2624438002"
"m2_83" = "2295218147"
"m4_77" = "473400265"
"m4_264" = "2850220136"
"m2_248" = "855369684"
"m2_249" = "2590667948"
"m3_260" = "220872861"
"m4_234" = "2331105698"
"m1_124" = "2434404267"
"m1_125" = "1308835936"
"m1_126" = "1950560213"
"m1_127" = "2787039010"
"m1_120" = "3348298643"
"m1_121" = "3754038516"
"m1_122" = "665180793"
"m1_123" = "3625339348"
"m1_245" = "3337769965"
"m1_244" = "269030490"
"m1_247" = "2037635473"
"m1_246" = "2177488653"
"m1_128" = "934007257"
"m1_129" = "1187006103"
"m1_243" = "2065490465"
"m1_242" = "2179606710"
"m1_238" = "3303576611"
"m1_239" = "86146966"
"m3_248" = "871930801"
"m3_187" = "2359824054"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"
[HKCU\Software\Stvncyfrlda]
"m1_230" = "1918301372"
"m1_231" = "3367257706"
"m1_232" = "1732597522"
"m1_233" = "3151509020"
"m1_234" = "202707996"
"m1_235" = "3746887364"
"m1_236" = "1677024296"
"m1_237" = "4231584599"
"m3_269" = "2919792544"
"m4_262" = "3674605966"
"m3_243" = "751873630"
"m3_44" = "3354938517"
"m3_45" = "795540480"
"m3_46" = "2497408959"
"m3_47" = "4232388394"
"m3_40" = "675414817"
"m3_41" = "2444014172"
"m3_42" = "4179439051"
"m3_43" = "1586486630"
"m3_48" = "1706528345"
"m3_49" = "3441441268"
"m4_263" = "1114929403"
"m3_144" = "790480761"
"m3_239" = "2434362602"
"m3_207" = "2739893002"
"m3_206" = "1004454815"
"m3_205" = "3530313824"
"m3_204" = "1828954357"
"m3_203" = "93401414"
"m3_202" = "2619377195"
"m3_201" = "884348604"
"m3_200" = "3477366529"
"m3_145" = "2492364436"
"m3_209" = "1881906644"
"m3_208" = "146399929"
"m4_178" = "3939072458"
"m4_179" = "1379395895"
"m4_176" = "468490992"
"m4_177" = "2203781725"
"m4_174" = "1292876822"
"m4_175" = "3028167555"
"m4_172" = "2117262652"
"m4_173" = "3852553385"
"m4_170" = "2941648482"
"m4_171" = "381971919"
"m4_261" = "1939315233"
"m2_118" = "2900836589"
"m2_119" = "341171289"
"m2_112" = "1079030500"
"m2_113" = "2814328779"
"m2_110" = "1903427405"
"m2_111" = "3638708175"
"m2_116" = "3725225075"
"m2_117" = "1165554821"
"m2_114" = "254643117"
"m2_115" = "1989941830"
"m2_185" = "3201212431"
"m2_184" = "1465912220"
"m2_187" = "2376826155"
"m2_186" = "641523802"
"m2_181" = "555012441"
"m2_180" = "3114680852"
"m2_183" = "4025594604"
"m2_182" = "2290295438"
"m2_189" = "1552443059"
"m2_188" = "4112120314"
"m2_258" = "1028412110"
"m3_180" = "3097834125"
"m1_153" = "1216358047"
"m4_253" = "941891257"
"m4_98" = "2554767290"
"m4_99" = "4290058023"
"m4_252" = "3501567820"
"m4_92" = "732957484"
"m4_93" = "2468248217"
"m4_90" = "1557343314"
"m4_91" = "3292634047"
"m4_96" = "3379153120"
"m4_97" = "819476557"
"m4_94" = "4203538950"
"m4_95" = "1643862387"
"m3_242" = "3345366819"
"m2_137" = "1511633715"
"m1_249" = "189410392"
"m1_248" = "3946419377"
"m4_255" = "117505427"
"m4_254" = "2677181990"
"m3_262" = "3657786279"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m4_259" = "2763701063"
"m4_258" = "1028410330"
"m2_138" = "3246918244"
"m2_139" = "687249089"
"m3_153" = "3489919500"
"m3_152" = "1754350225"
"m3_151" = "52482914"
"m3_150" = "2612405239"
"m3_157" = "1874411504"
"m3_156" = "105417797"
"m3_155" = "2665356502"
"m3_154" = "963407291"
"m4_217" = "2895934309"
"m4_216" = "1160643576"
"m3_159" = "1016356506"
"m3_158" = "3609964399"
"m4_213" = "249738673"
"m4_212" = "2809415236"
"m4_211" = "1074124503"
"m4_210" = "3633801066"
"m1_179" = "3682729808"
"m1_178" = "3508023924"
"m4_260" = "204024500"
"m1_173" = "2203286492"
"m1_172" = "3016441855"
"m1_171" = "3472548734"
"m1_170" = "2304107742"
"m1_177" = "3409859444"
"m1_176" = "632772987"
"m1_175" = "1551260976"
"m1_174" = "2971589183"
"m1_9" = "151879564"
"m4_245" = "4239434577"
"m4_218" = "336257746"
"m3_181" = "538419768"
"m1_270" = "1473145152"
"m1_262" = "2783467715"
"m1_8" = "3256253133"
"m2_211" = "1074122680"
"m3_265" = "273825276"
"m2_108" = "2727810816"
"m2_206" = "987604018"
"m2_207" = "2722892971"
"m2_204" = "1811994952"
"m2_205" = "3547278789"
"m2_202" = "2636381896"
"m2_203" = "76695899"
"m2_200" = "3460765843"
"m2_201" = "901080491"
"m4_207" = "2722896163"
"m2_208" = "163222056"
"m2_209" = "1898508089"
"m3_148" = "3403350317"
"m4_236" = "1506719868"
"m2_58" = "1862610710"
"m2_59" = "3597909434"
"m3_149" = "843427928"
"m2_54" = "3511393050"
"m2_55" = "951706087"
"m2_56" = "2686992738"
"m2_57" = "127325810"
"m2_50" = "865194941"
"m2_51" = "2600479459"
"m2_52" = "40811178"
"m2_53" = "1776091217"
"m3_197" = "2532889800"
"m2_106" = "3552184040"
"m3_196" = "831399261"
"m4_200" = "3460762920"
"m3_195" = "3357379118"
"m3_270" = "393932511"
"m3_194" = "1622350515"
"m4_202" = "2636377090"
"m1_61" = "27768135"
"m3_193" = "4215368452"
"m4_203" = "76700527"
"m3_192" = "2479946729"
"m3_191" = "711346298"
"m1_218" = "4168726684"
"m4_239" = "2417624771"
"m3_190" = "3270891727"
"m4_238" = "682334038"
"m4_138" = "3246919874"
"m4_139" = "687243311"
"m4_132" = "1425110068"
"m4_133" = "3160400801"
"m4_130" = "2249495898"
"m4_131" = "3984786631"
"m4_136" = "4071305704"
"m4_137" = "1511629141"
"m4_134" = "600724238"
"m4_135" = "2336014971"
"m1_219" = "1025839978"
"m3_178" = "3955889123"
"m2_136" = "4071303221"
"m1_196" = "1271837221"
"m2_141" = "4157820224"
"m2_140" = "2422534894"
"m2_143" = "3333435351"
"m2_142" = "1598150006"
"m2_145" = "2509048020"
"m2_144" = "773753864"
"m4_58" = "1862614706"
"m4_59" = "3597905439"
"m4_56" = "2687000536"
"m4_57" = "127323973"
"m4_54" = "3511386366"
"m4_55" = "951709803"
"m4_52" = "40804900"
"m4_53" = "1776095633"
"m4_50" = "865190730"
"m4_51" = "2600481463"
"m3_172" = "2133964565"
"m2_255" = "117501710"
"m1_37" = "3754015242"
"m1_36" = "3274605069"
"m1_35" = "2161529661"
"m1_34" = "1003101363"
"m1_33" = "1943819026"
"m1_32" = "2731709687"
"m1_31" = "790639245"
"m1_30" = "1973672093"
"m3_188" = "4095393317"
"m3_189" = "1569401168"
"m1_39" = "571943250"
"m1_38" = "3655391382"
"m1_42" = "557879107"
"m1_43" = "2474203956"
"m1_40" = "739755721"
"m1_41" = "2015799742"
"m1_46" = "796432676"
"m1_47" = "3896583602"
"m1_44" = "1149988469"
"m1_45" = "3272971938"
"m1_48" = "1130703054"
"m1_49" = "3113898838"
"m3_119" = "357998978"
"m3_118" = "2917414423"
"m3_117" = "1148946168"
"m3_116" = "3741914957"
"m3_115" = "2006935518"
"m3_114" = "237958307"
"m3_113" = "2797356340"
"m3_112" = "1096013209"
"m3_111" = "3655416426"
"m3_110" = "1886423807"
"m1_193" = "846742759"
"m2_95" = "1643859302"
"m1_192" = "1193827454"
"m4_243" = "768853111"
"m1_137" = "651356643"
"m1_136" = "3325896790"
"m1_135" = "4127936274"
"m1_134" = "2893685075"
"m1_133" = "3534992108"
"m1_132" = "2976761342"
"m1_131" = "2275606011"
"m1_130" = "3550298598"
"m1_212" = "364212077"
"m1_240" = "793286221"
"m1_139" = "3300257368"
"m1_138" = "3329493689"
"m1_182" = "3787731908"
"m1_183" = "4252941347"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m1_181" = "1678295257"
"m1_186" = "3500999790"
"m1_187" = "3863239586"
"m1_184" = "1799500854"
"m1_185" = "83791732"
"m1_223" = "2927256487"
"m1_222" = "2324290618"
"m1_188" = "1432864434"
"m1_189" = "976618703"
"m1_227" = "3519889614"
"m1_226" = "2106103114"
"m1_225" = "2601513910"
"m1_224" = "2044955100"
"m2_10" = "173032746"
"m2_11" = "1908331499"
"m2_12" = "3643615808"
"m2_13" = "1083945517"
"m2_14" = "2819228168"
"m2_15" = "259556002"
"m2_16" = "1994846993"
"m2_17" = "3730138108"
"m2_18" = "1170458986"
"m2_19" = "2905758723"
"m1_208" = "3214485393"
"m3_71" = "2929954066"
"m3_70" = "1227955687"
"m3_73" = "2139008060"
"m3_72" = "369900673"
"m3_75" = "1280954054"
"m3_74" = "3840892843"
"m3_77" = "490007008"
"m3_76" = "3049946741"
"m3_79" = "3927378058"
"m3_78" = "2191956255"
"m2_242" = "3328524302"
"m2_243" = "768859593"
"m2_89" = "4117013649"
"m2_88" = "2381731014"
"m2_246" = "1679754166"
"m2_240" = "4152913213"
"m2_244" = "2504139453"
"m2_245" = "4239438788"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"
[HKCU\Software\Stvncyfrlda]
"m2_82" = "559916891"
"m2_81" = "3119600977"
"m2_80" = "1384301287"
"m2_87" = "646433310"
"m2_86" = "3206115838"
"m2_85" = "1470817537"
"m2_84" = "4030504192"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m4_257" = "3588086893"
"m1_98" = "2437606373"
"m2_256" = "1852800850"
"m3_238" = "698940799"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"
[HKCU\Software\Stvncyfrlda]
"m3_232" = "3172438241"
"m3_233" = "578813980"
"m3_230" = "3963318727"
"m2_109" = "168126038"
"m3_236" = "1489883733"
"m3_237" = "3225308608"
"m3_234" = "2347938699"
"m3_235" = "4083360550"
"m4_256" = "1852796160"
"m1_203" = "3615171295"
"m4_265" = "290543573"
"m4_12" = "3643619612"
"m4_13" = "1083943049"
"m4_10" = "173038146"
"m4_11" = "1908328879"
"m4_16" = "1994847952"
"m4_17" = "3730138685"
"m4_14" = "2819233782"
"m4_15" = "259557219"
"m2_105" = "1816896086"
"m2_104" = "81613218"
"m4_18" = "1170462122"
"m4_19" = "2905752855"
"m2_101" = "3465667997"
"m2_100" = "1730386994"
"m2_103" = "2641283973"
"m2_102" = "906000462"
"m2_178" = "3939066030"
"m2_179" = "1379397632"
"m3_264" = "2833351233"
"m2_170" = "2941643589"
"m2_171" = "381973751"
"m2_172" = "2117257300"
"m2_173" = "3852554397"
"m2_174" = "1292872282"
"m2_175" = "3028172452"
"m2_176" = "468484980"
"m2_177" = "2203783765"
"m4_161" = "208933773"
"m4_160" = "2768610336"
"m4_163" = "3679515239"
"m4_162" = "1944224506"
"m4_165" = "2855129409"
"m4_164" = "1119838676"
"m4_167" = "2030743579"
"m4_166" = "295452846"
"m4_169" = "1206357749"
"m4_168" = "3766034312"
[HKCU\Software\Stvncyfrlda\168128873]
"1821809806" = "0200687474703A2F2F7061647275702E636F6D2E64732F736F62616B61312E67696600687474703A2F2F34362E3130352E3130332E3231392F736F62616B61766F6C6F732E676966"
[HKCU\Software\Stvncyfrlda]
"m4_248" = "855372184"
"m4_67" = "300362119"
"m4_66" = "2860038682"
"m4_65" = "1124747949"
"m4_64" = "3684424512"
"m4_63" = "1949133779"
"m4_62" = "213843046"
"m4_61" = "2773519609"
"m4_60" = "1038228876"
"m4_69" = "3770943585"
"m4_68" = "2035652852"
"m4_198" = "4285148750"
"m4_199" = "1725472187"
"m1_157" = "2239822097"
"m4_195" = "3374243847"
"m4_196" = "814567284"
"m4_197" = "2549858017"
"m4_190" = "3287724774"
"m4_191" = "728048211"
"m4_192" = "2463338944"
"m4_193" = "4198629677"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\~nsu.tmp]
"Au_.exe" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\~nsu.tmp\Au_.exe:*:Enabled:ipsec"
Firewall notifications are disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
A firewall is disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"
The Virus deletes the following registry key(s):
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\termservice]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpcdd.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\sr.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpdd.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\WZCSVC]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmserver]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmadmin]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdtcp.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ip6fw.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmboot.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NtLmSsp]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\tdpipe.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmload.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\dmio.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\nm]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\SRService]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\System\CurrentControlSet\Control\SafeBoot\Network\rdpwd.sys]
The Virus deletes the following value(s) in system registry:
[HKCU\Software\Stvncyfrlda]
"m2_8"
"m2_9"
"m2_2"
"m2_3"
"m2_0"
"m2_1"
"m2_6"
"m2_7"
"m2_4"
"m2_5"
"m4_222"
"m1_151"
"m1_79"
"m1_78"
"m4_226"
"m4_227"
"m4_224"
"m1_150"
"m1_73"
"m1_72"
"m1_71"
"m1_70"
"m1_77"
"m1_76"
"m1_75"
"m1_74"
"m3_166"
"m3_167"
"m3_164"
"m2_98"
"m3_162"
"m3_163"
"m3_160"
"m3_161"
"m1_155"
"m4_208"
"m3_168"
"m1_154"
"m2_147"
"m1_148"
"m1_149"
"m1_146"
"m1_147"
"m1_144"
"m1_145"
"m1_142"
"m1_143"
"m1_140"
"m2_107"
"m2_99"
"m2_148"
"m4_209"
"m1_250"
"m3_255"
"m1_251"
"m2_210"
"m3_35"
"m3_34"
"m3_37"
"m3_36"
"m3_31"
"m3_30"
"m3_33"
"m3_32"
"m3_39"
"m3_38"
"m1_269"
"m1_268"
"m4_0"
"m4_1"
"m4_2"
"m4_3"
"m4_4"
"m4_5"
"m4_6"
"m4_7"
"m4_8"
"m4_9"
"m2_213"
"m2_212"
"m2_215"
"m2_214"
"m2_217"
"m2_216"
"m2_69"
"m2_68"
"m4_251"
"m2_61"
"m2_60"
"m2_63"
"m2_62"
"m2_65"
"m2_64"
"m2_67"
"m2_66"
"m4_204"
"m1_241"
"m2_265"
"m2_267"
"m4_223"
"m4_220"
"m3_261"
"m4_205"
"m3_263"
"m4_221"
"m4_129"
"m4_128"
"m3_267"
"m3_266"
"m4_125"
"m4_124"
"m4_127"
"m4_126"
"m4_121"
"m4_120"
"m4_123"
"m4_122"
"m4_158"
"m4_159"
"m2_250"
"m3_249"
"m3_185"
"m4_150"
"m4_151"
"m4_152"
"m4_153"
"m4_154"
"m4_155"
"m4_156"
"m4_157"
"m2_134"
"m2_135"
"m4_29"
"m4_28"
"m2_130"
"m2_131"
"m2_132"
"m2_133"
"m4_23"
"m4_22"
"m4_21"
"m4_20"
"m4_27"
"m4_26"
"m4_25"
"m4_24"
"m1_195"
"m4_229"
"m3_182"
"m1_194"
"m3_247"
"m3_183"
"m1_197"
"m3_246"
"m1_24"
"m1_25"
"m1_26"
"m1_27"
"m1_20"
"m1_21"
"m1_22"
"m1_23"
"m1_191"
"m3_244"
"m1_28"
"m1_29"
"m3_199"
"m1_190"
"m3_122"
"m3_123"
"m3_120"
"m3_121"
"m3_126"
"m3_127"
"m3_124"
"m3_125"
"m3_128"
"m3_129"
"m3_165"
"m1_214"
"m1_99"
"m1_98"
"m1_215"
"m3_253"
"m1_91"
"m1_90"
"m1_93"
"m1_92"
"m1_95"
"m1_94"
"m1_97"
"m1_96"
"m2_254"
"m3_231"
"m1_202"
"m1_221"
"m2_257"
"m1_108"
"m1_109"
"m1_102"
"m1_103"
"m1_100"
"m1_101"
"m1_106"
"m1_107"
"m1_104"
"m1_105"
"m3_3"
"m3_2"
"m3_1"
"m3_0"
"m3_7"
"m3_6"
"m3_5"
"m3_4"
"m1_216"
"m1_217"
"m3_9"
"m3_8"
"m1_199"
"m1_198"
"m1_210"
"m1_211"
"m3_93"
"m3_92"
"m3_91"
"m3_90"
"m3_97"
"m3_96"
"m3_95"
"m3_94"
"m4_241"
"m3_99"
"m2_94"
"m3_98"
"m3_169"
"m2_251"
"m2_146"
"m1_5"
"m1_4"
"m1_7"
"m1_6"
"m1_1"
"m1_0"
"m3_68"
"m3_69"
"m3_66"
"m3_67"
"m3_64"
"m3_65"
"m3_62"
"m3_63"
"m3_60"
"m3_61"
"m2_220"
"m2_221"
"m2_222"
"m2_223"
"m2_224"
"m2_225"
"m2_226"
"m2_227"
"m2_228"
"m2_229"
"m2_149"
"m3_241"
"m3_229"
"m3_228"
"m3_225"
"m3_224"
"m3_227"
"m1_141"
"m3_221"
"m3_220"
"m3_223"
"m3_222"
"m3_258"
"m3_259"
"m2_29"
"m2_28"
"m2_253"
"m2_25"
"m2_24"
"m2_27"
"m2_26"
"m2_21"
"m2_20"
"m2_23"
"m2_22"
"m3_240"
"m4_244"
"m1_209"
"m1_258"
"m4_270"
"m2_169"
"m2_168"
"m2_252"
"m2_163"
"m2_162"
"m2_161"
"m2_160"
"m2_167"
"m2_166"
"m2_165"
"m2_164"
"m4_114"
"m4_115"
"m4_116"
"m4_117"
"m4_110"
"m4_111"
"m4_112"
"m4_113"
"m4_118"
"m4_119"
"m4_74"
"m4_75"
"m4_76"
"m4_77"
"m4_70"
"m4_71"
"m4_72"
"m4_73"
"m4_78"
"m4_79"
"m4_246"
"m2_270"
"m4_228"
"m4_189"
"m4_188"
"m4_187"
"m4_186"
"m4_185"
"m4_184"
"m4_183"
"m4_182"
"m4_181"
"m4_180"
"m1_213"
"m1_3"
"m1_2"
"m4_247"
"m2_90"
"m2_91"
"m2_92"
"m1_68"
"m1_69"
"m4_237"
"m2_93"
"m4_231"
"m4_230"
"m4_233"
"m4_232"
"m1_60"
"m1_61"
"m1_62"
"m1_63"
"m1_64"
"m1_65"
"m1_66"
"m1_67"
"m3_179"
"m3_178"
"m1_259"
"m2_96"
"m3_130"
"m3_171"
"m3_170"
"m3_173"
"m2_97"
"m3_175"
"m3_174"
"m3_177"
"m3_176"
"m4_268"
"m4_249"
"m4_235"
"m1_152"
"m2_259"
"m1_267"
"m1_266"
"m1_252"
"m1_265"
"m3_22"
"m3_23"
"m3_20"
"m3_21"
"m3_26"
"m3_27"
"m3_24"
"m3_25"
"m1_159"
"m1_158"
"m3_28"
"m3_29"
"m1_256"
"m1_257"
"m1_254"
"m1_255"
"m2_268"
"m1_261"
"m2_264"
"m1_253"
"m2_266"
"m1_260"
"m2_260"
"m2_261"
"m2_262"
"m2_263"
"m2_76"
"m2_77"
"m2_74"
"m2_75"
"m2_72"
"m2_73"
"m2_70"
"m2_71"
"m2_78"
"m2_79"
"m3_57"
"m3_56"
"m3_55"
"m3_54"
"m3_53"
"m3_52"
"m3_51"
"m3_50"
"m3_59"
"m3_58"
"m2_219"
"m2_218"
"m1_156"
"m3_214"
"m3_215"
"m3_216"
"m3_217"
"m3_210"
"m3_211"
"m3_212"
"m3_213"
"m4_267"
"m3_218"
"m3_219"
"m2_127"
"m4_149"
"m4_148"
"m3_226"
"m2_126"
"m4_143"
"m4_142"
"m4_141"
"m4_140"
"m4_147"
"m4_146"
"m4_145"
"m4_144"
"m4_38"
"m4_39"
"m2_125"
"m2_124"
"m2_123"
"m2_122"
"m2_121"
"m2_120"
"m4_30"
"m4_31"
"m4_32"
"m4_33"
"m4_34"
"m4_35"
"m4_36"
"m4_37"
"m2_192"
"m2_193"
"m2_190"
"m2_191"
"m2_196"
"m2_197"
"m2_194"
"m2_195"
"m2_198"
"m2_199"
"m4_269"
"m1_11"
"m1_10"
"m1_13"
"m1_12"
"m1_15"
"m1_14"
"m1_17"
"m1_16"
"m1_19"
"m1_18"
"m3_184"
"m4_206"
"m1_263"
"m3_135"
"m3_134"
"m3_137"
"m3_136"
"m4_89"
"m4_88"
"m3_133"
"m3_132"
"m4_85"
"m4_84"
"m4_87"
"m4_86"
"m4_81"
"m4_80"
"m4_83"
"m4_82"
"m3_250"
"m2_269"
"m2_129"
"m3_251"
"m2_128"
"m3_252"
"m3_268"
"m1_86"
"m1_87"
"m1_84"
"m1_85"
"m1_82"
"m1_83"
"m1_80"
"m1_81"
"m3_254"
"m1_229"
"m1_88"
"m1_89"
"m3_198"
"m1_228"
"m3_256"
"m3_186"
[HKLM\System\CurrentControlSet\Control\SafeBoot]
"AlternateShell"
[HKCU\Software\Stvncyfrlda]
"m3_257"
"m3_140"
"m3_141"
"m3_142"
"m3_143"
"m1_119"
"m1_118"
"m3_146"
"m3_147"
"m1_115"
"m1_114"
"m1_117"
"m1_116"
"m1_111"
"m1_110"
"m1_113"
"m1_112"
"m1_168"
"m1_169"
"m1_220"
"m4_219"
"m1_160"
"m1_161"
"m1_162"
"m1_163"
"m1_164"
"m1_165"
"m1_166"
"m1_167"
"m3_80"
"m3_81"
"m3_82"
"m3_83"
"m3_84"
"m3_85"
"m3_86"
"m3_87"
"m3_88"
"m3_89"
"m4_215"
"m4_214"
"m4_225"
"m4_194"
"m1_201"
"m1_200"
"m3_19"
"m3_18"
"m1_205"
"m1_204"
"m1_207"
"m1_206"
"m3_13"
"m3_12"
"m3_11"
"m3_10"
"m3_17"
"m3_16"
"m3_15"
"m3_14"
"m2_233"
"m2_232"
"m2_231"
"m2_230"
"m2_237"
"m2_236"
"m2_235"
"m2_234"
"m2_239"
"m2_238"
"m2_49"
"m2_48"
"m2_47"
"m2_46"
"m2_45"
"m2_44"
"m2_43"
"m2_42"
"m2_41"
"m2_40"
"m2_38"
"m2_39"
"m2_32"
"m2_33"
"m2_30"
"m2_31"
"m2_36"
"m2_37"
"m2_34"
"m2_35"
"m2_247"
"m4_240"
"m2_158"
"m2_159"
"m2_156"
"m2_157"
"m2_154"
"m2_155"
"m2_152"
"m2_153"
"m2_150"
"m2_151"
"m4_107"
"m4_106"
"m4_105"
"m4_104"
"m4_103"
"m4_102"
"m4_101"
"m4_100"
"m3_131"
"m4_242"
"m4_109"
"m4_108"
"m4_41"
"m4_40"
"m4_43"
"m4_42"
"m4_45"
"m4_44"
"m4_47"
"m4_46"
"m4_49"
"m4_48"
"m1_264"
"m3_245"
"m3_139"
"m3_138"
"m4_250"
"m4_266"
"m1_55"
"m1_54"
"m1_57"
"m1_56"
"m1_51"
"m1_50"
"m1_53"
"m1_52"
"m1_59"
"m1_58"
"m2_241"
"m3_108"
"m3_109"
"m3_104"
"m3_105"
"m3_106"
"m3_107"
"m3_100"
"m3_101"
"m3_102"
"m3_103"
"m4_264"
"m2_248"
"m2_249"
"m3_260"
"m4_234"
"m1_124"
"m1_125"
"m1_126"
"m1_127"
"m1_120"
"m1_121"
"m1_122"
"m1_123"
"m1_245"
"m1_244"
"m1_247"
"m1_246"
"m1_128"
"m1_129"
"m1_243"
"m1_242"
"m1_238"
"m1_239"
"m3_248"
"m3_187"
"m1_230"
"m1_231"
"m1_232"
"m1_233"
"m1_234"
"m1_235"
"m1_236"
"m1_237"
"m3_269"
"m4_262"
"m3_243"
"m3_44"
"m3_45"
"m3_46"
"m3_47"
"m3_40"
"m3_41"
"m3_42"
"m3_43"
"m3_48"
"m3_49"
"m4_263"
"m3_144"
"m3_207"
"m3_206"
"m3_205"
"m3_204"
"m3_203"
"m3_202"
"m3_201"
"m3_200"
"m3_145"
"m3_209"
"m3_208"
"m4_178"
"m4_179"
"m4_176"
"m4_177"
"m4_174"
"m4_175"
"m4_172"
"m4_173"
"m4_170"
"m4_171"
"m4_261"
"m2_118"
"m2_119"
"m2_112"
"m2_113"
"m2_110"
"m2_111"
"m2_116"
"m2_117"
"m2_114"
"m2_115"
"m2_185"
"m2_184"
"m2_187"
"m2_186"
"m2_181"
"m2_180"
"m2_183"
"m2_182"
"m2_189"
"m2_188"
"m2_258"
"m3_180"
"m1_153"
"m4_253"
"m4_98"
"m4_99"
"m4_252"
"m4_92"
"m4_93"
"m4_90"
"m4_91"
"m4_96"
"m4_97"
"m4_94"
"m4_95"
"m3_242"
"m2_137"
"m1_249"
"m1_248"
"m4_255"
"m4_254"
"m3_262"
"m4_259"
"m4_258"
"m2_138"
"m2_139"
"m3_153"
"m3_152"
"m3_151"
"m3_150"
"m3_157"
"m3_156"
"m3_155"
"m3_154"
"m4_217"
"m4_216"
"m3_159"
"m3_158"
"m4_213"
"m4_212"
"m4_211"
"m4_210"
"m1_179"
"m1_178"
"m4_260"
"m1_173"
"m1_172"
"m1_171"
"m1_170"
"m1_177"
"m1_176"
"m1_175"
"m1_174"
"m1_9"
"m4_245"
"m4_218"
"m3_181"
"m1_270"
"m1_262"
"m1_8"
"m2_211"
"m3_265"
"m2_108"
"m2_206"
"m2_207"
"m2_204"
"m2_205"
"m2_202"
"m2_203"
"m2_200"
"m2_201"
"m4_207"
"m2_208"
"m2_209"
"m3_148"
"m4_236"
"m2_58"
"m2_59"
"m3_149"
"m2_54"
"m2_55"
"m2_56"
"m2_57"
"m2_50"
"m2_51"
"m2_52"
"m2_53"
"m3_197"
"m2_106"
"m3_196"
"m4_200"
"m3_195"
"m3_270"
"m4_201"
"m3_194"
"m4_202"
"m3_193"
"m4_203"
"m3_192"
"m3_191"
"m1_218"
"m4_239"
"m3_190"
"m4_238"
"m4_138"
"m4_139"
"m4_132"
"m4_133"
"m4_130"
"m4_131"
"m4_136"
"m4_137"
"m4_134"
"m4_135"
"m1_219"
"m2_136"
"m1_196"
"m2_141"
"m2_140"
"m2_143"
"m2_142"
"m2_145"
"m2_144"
"m4_58"
"m4_59"
"m4_56"
"m4_57"
"m4_54"
"m4_55"
"m4_52"
"m4_53"
"m4_50"
"m4_51"
"m3_172"
"m2_255"
"m1_37"
"m1_36"
"m1_35"
"m1_34"
"m1_33"
"m1_32"
"m1_31"
"m1_30"
"m3_188"
"m3_189"
"m1_39"
"m1_38"
"m1_42"
"m1_43"
"m1_40"
"m1_41"
"m1_46"
"m1_47"
"m1_44"
"m1_45"
"m1_48"
"m1_49"
"m3_119"
"m3_118"
"m3_117"
"m3_116"
"m3_115"
"m3_114"
"m3_113"
"m3_112"
"m3_111"
"m3_110"
"m1_193"
"m2_95"
"m1_192"
"m4_243"
"m1_137"
"m1_136"
"m1_135"
"m1_134"
"m1_133"
"m1_132"
"m1_131"
"m1_130"
"m1_212"
"m1_240"
"m1_139"
"m1_138"
"m1_182"
"m1_183"
"m1_180"
"m1_181"
"m1_186"
"m1_187"
"m1_184"
"m1_185"
"m1_223"
"m1_222"
"m1_188"
"m1_189"
"m1_227"
"m1_226"
"m1_225"
"m1_224"
"m2_10"
"m2_11"
"m2_12"
"m2_13"
"m2_14"
"m2_15"
"m2_16"
"m2_17"
"m2_18"
"m2_19"
"m1_208"
"m3_71"
"m3_70"
"m3_73"
"m3_72"
"m3_75"
"m3_74"
"m3_77"
"m3_76"
"m3_79"
"m3_78"
"m2_242"
"m2_243"
"m2_89"
"m2_88"
"m2_246"
"m2_240"
"m2_244"
"m2_245"
"m2_83"
"m2_82"
"m2_81"
"m2_80"
"m2_87"
"m2_86"
"m2_85"
"m2_84"
"m4_257"
"m2_256"
"m3_238"
"m3_239"
"m3_232"
"m3_233"
"m3_230"
"m2_109"
"m3_236"
"m3_237"
"m3_234"
"m3_235"
"m4_256"
"m1_203"
"m4_265"
"m4_12"
"m4_13"
"m4_10"
"m4_11"
"m4_16"
"m4_17"
"m4_14"
"m4_15"
"m2_105"
"m2_104"
"m4_18"
"m4_19"
"m2_101"
"m2_100"
"m2_103"
"m2_102"
"m2_178"
"m2_179"
"m3_264"
"m2_170"
"m2_171"
"m2_172"
"m2_173"
"m2_174"
"m2_175"
"m2_176"
"m2_177"
"m4_161"
"m4_160"
"m4_163"
"m4_162"
"m4_165"
"m4_164"
"m4_167"
"m4_166"
"m4_169"
"m4_168"
"m4_248"
"m4_67"
"m4_66"
"m4_65"
"m4_64"
"m4_63"
"m4_62"
"m4_61"
"m4_60"
"m4_69"
"m4_68"
"m4_198"
"m4_199"
"m1_157"
"m4_195"
"m4_196"
"m4_197"
"m4_190"
"m4_191"
"m4_192"
"m4_193"
The process %original file name%.exe:1124 makes changes in the system registry.
The Virus creates and/or sets the following values in system registry:
[HKCU\Software\Stvncyfrlda]
"m2_8" = "997420773"
"m2_9" = "2732719960"
"m2_2" = "3470576471"
"m2_3" = "910908362"
"m2_0" = "5517"
"m2_1" = "1735293664"
"m2_6" = "1821804803"
"m2_7" = "3557105270"
"m2_4" = "2646190137"
"m2_5" = "86522028"
"m4_222" = "2982453382"
"m1_151" = "2332094709"
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = "1"
[HKCU\Software\Stvncyfrlda]
"m1_78" = "496890157"
"m4_226" = "1333681722"
"m4_227" = "3068972455"
"m4_224" = "2158067552"
"m1_150" = "424564409"
"m1_73" = "4016171852"
"m1_72" = "669845477"
"m1_71" = "2088517138"
"m1_70" = "2833234694"
"m1_77" = "158145522"
"m1_76" = "466998487"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Stvncyfrlda]
"m1_74" = "2146080585"
"m3_166" = "278866567"
"m3_167" = "2013911602"
"m3_164" = "1136397309"
"m2_98" = "2554772804"
"m1_144" = "1798187162"
"m3_163" = "3662911566"
"m3_160" = "2751909385"
"m3_161" = "225933732"
"m1_155" = "211473041"
"m4_208" = "163219600"
"m3_168" = "3782899105"
"m1_154" = "746584864"
[HKCU\Software\Stvncyfrlda\168128873]
"-737866757" = "58885256CEB138BF289B3FE61C5E671D2E4D94225C4FBCE4F0DE94D4B7C6392939AA4886E4653CEE7B60948B66308353C8BBD5AE9DDF9D8811FEE480E8441E72BE888FD57C7DF806E086A0E5DB748F0253CF7C7D80F1B655BBDC36A6B023154295785206CD56E65771B4CF0086E88C785CF8C0E79612D1A27360920106C8FD553BA45DC6F2A1000AB402F36DBF857C1185A98D2E85109D9FD5DA5D9DAC6CF78DD42468E6AAA565B58EBD7520B7BC8A2F1C00B75D6B842D36E293F4AF3B51E71EE226DED82E8165CB677EE0EA5BDDA27433B041F67665D554619E5A8CC804F9380D19D04300BC619829CDC374400D9780AF7BBAE5BA38A609F7EDFA8C4C4A9E5B"
[HKCU\Software\Stvncyfrlda]
"m2_147" = "1684663018"
"m1_148" = "462448063"
"m1_149" = "2348482344"
"m1_146" = "2471073169"
"m1_147" = "239319337"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden" = "2"
[HKCU\Software\Stvncyfrlda]
"m1_145" = "297981414"
"m1_142" = "1396584362"
"m1_143" = "4062879374"
"m1_140" = "3046822439"
"m2_107" = "992512885"
"m2_99" = "4290055621"
"m2_148" = "3419960848"
"m4_209" = "1898510333"
"m1_250" = "2733256631"
"m3_255" = "100898746"
"m1_251" = "2329294615"
"m2_210" = "3633791648"
"m3_35" = "622481870"
"m3_34" = "3182011987"
"m3_37" = "4092948712"
"m3_36" = "2323956093"
"m3_31" = "2270958618"
"m3_30" = "535979247"
"m3_33" = "1413429028"
"m3_32" = "3972958089"
"m3_39" = "3234960306"
"m3_38" = "1533534215"
"m1_269" = "4259192743"
"m1_268" = "3498640479"
"m4_0" = "0"
"m4_1" = "1735290733"
"m4_2" = "3470581466"
"m4_3" = "910904903"
"m4_4" = "2646195636"
"m4_5" = "86519073"
"m4_6" = "1821809806"
"m4_7" = "3557100539"
"m4_8" = "997423976"
"m4_9" = "2732714709"
"m2_213" = "249733270"
"m2_212" = "2809423430"
"m2_215" = "3720327489"
"m2_214" = "1985033351"
"m2_217" = "2895930545"
"m2_216" = "1160650456"
"m2_69" = "3770948725"
"m2_68" = "2035647188"
"m4_251" = "1766277087"
"m2_61" = "2773521814"
"m2_60" = "1038225466"
"m2_63" = "1949136233"
"m2_62" = "213838740"
"m2_65" = "1124752575"
"m2_64" = "3684420318"
"m2_67" = "300363776"
"m2_66" = "2860033184"
"m4_204" = "1811991260"
"m2_251" = "1766270371"
"m1_241" = "3551508523"
"m2_265" = "290540621"
"m2_267" = "3761120591"
"m4_223" = "422776819"
"m1_79" = "2790714074"
"m3_261" = "1922363400"
"m4_205" = "3547281993"
"m3_263" = "1131877074"
"m4_221" = "1247162649"
"m4_129" = "514205165"
"m4_128" = "3073881728"
"m3_267" = "3777846406"
"m3_266" = "2042408299"
"m4_125" = "2162976825"
"m4_124" = "427686092"
"m4_127" = "1338590995"
"m4_126" = "3898267558"
"m4_121" = "3811748485"
"m4_120" = "2076457752"
"m4_123" = "2987362655"
"m4_122" = "1252071922"
"m4_158" = "3592996166"
"m4_159" = "1033319603"
"m2_250" = "30984142"
"m3_249" = "2607352620"
"m3_185" = "3217944556"
"m4_150" = "2595572190"
"m4_151" = "35895627"
"m4_152" = "1771186360"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Stvncyfrlda]
"m4_154" = "946800530"
"m4_155" = "2682091263"
"m4_156" = "122414700"
"m4_157" = "1857705433"
"m2_134" = "600722245"
"m2_135" = "2336021725"
"m4_29" = "3078791001"
"m4_28" = "1343500268"
"m2_130" = "2249490722"
"m2_131" = "3984789978"
"m2_132" = "1425106115"
"m2_133" = "3160406377"
"m4_23" = "1256981195"
"m4_22" = "3816657758"
"m4_21" = "2081367025"
"m4_20" = "346076292"
"m4_27" = "3903176831"
"m4_26" = "2167886098"
"m4_25" = "432595365"
"m4_24" = "2992271928"
"m1_195" = "2643304008"
"m4_229" = "2244586625"
"m3_182" = "2306891095"
"m1_194" = "1457650156"
"m3_247" = "3398363138"
"m3_183" = "4008889538"
"m1_197" = "295356343"
"m3_246" = "1696364695"
"m1_24" = "2112193355"
"m1_25" = "2181166612"
"m1_26" = "2783849177"
"m1_27" = "1144466001"
"m1_20" = "480859198"
"m1_21" = "3559623819"
"m1_22" = "3042679330"
"m1_23" = "1478140349"
"m1_191" = "580673665"
"m3_244" = "2487310797"
"m1_28" = "1162819486"
"m1_29" = "3669763340"
"m3_199" = "1742469010"
"m1_190" = "1943618453"
"m3_122" = "1268937691"
"m3_123" = "3003966326"
"m3_120" = "2059882801"
"m3_121" = "3794911404"
"m3_126" = "3914972559"
"m3_127" = "1321872698"
"m3_124" = "410948325"
"m3_125" = "2179924496"
"m3_128" = "3056917673"
"m3_129" = "530927556"
"m3_165" = "2871966568"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallOverride" = "1"
[HKCU\Software\Stvncyfrlda]
"m3_162" = "1927407827"
"m1_214" = "1896519380"
[HKCU\Software\Stvncyfrlda\168128873]
"86519073" = "73"
[HKCU\Software\Stvncyfrlda]
"m1_99" = "165019942"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2B 0B E0 69 03 E6 82 87 A0 54 44 FD 49 C8 FD 68"
[HKCU\Software\Stvncyfrlda]
"m1_215" = "2237384134"
"m3_253" = "958887056"
"m1_91" = "2051716867"
"m1_90" = "1029108706"
"m1_93" = "4115819492"
"m1_92" = "4066794608"
"m1_95" = "3262248306"
"m1_94" = "1906517587"
"m1_97" = "35254771"
"m1_96" = "1305171134"
"m2_254" = "2677183293"
"m3_231" = "1436934514"
"m1_202" = "3756439480"
"m1_221" = "3235915646"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Stvncyfrlda]
"m2_257" = "3588082311"
"m1_108" = "3600036583"
"m1_109" = "1361232034"
"m4_201" = "901086357"
"m1_102" = "1006028312"
"m1_103" = "646318433"
"m1_100" = "3722719213"
"m1_101" = "1657642839"
"m1_106" = "1682219155"
"m1_107" = "2574215857"
"m1_104" = "3861228572"
"m1_105" = "71901328"
"m3_3" = "927474798"
"m3_2" = "3487544563"
"m3_1" = "1718420804"
"m3_0" = "17001001"
"m3_7" = "3573965266"
"m3_6" = "1838544551"
"m3_5" = "69945096"
"m3_4" = "2629490589"
"m1_216" = "2713809474"
"m1_217" = "2546009400"
"m3_9" = "2749530364"
"m3_8" = "980422977"
"m1_199" = "3791035262"
"m1_198" = "2090234686"
"m1_210" = "1677293012"
"m1_211" = "1984645151"
"m3_93" = "2451378352"
"m3_92" = "716398853"
"m3_91" = "3309498774"
"m3_90" = "1573930619"
"m3_97" = "836457060"
"m3_96" = "3362431689"
"m3_95" = "1626878810"
"m3_94" = "4220485679"
[HKCU\Software\Stvncyfrlda\168128873]
"1735290733" = "87"
[HKCU\Software\Stvncyfrlda]
"m4_241" = "1593238941"
"m3_99" = "4273372430"
"m2_94" = "4203540783"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallOverride" = "1"
[HKCU\Software\Stvncyfrlda]
"m3_98" = "2571488659"
"m3_169" = "1189405916"
"m1_75" = "3884680605"
"m2_146" = "4244347200"
"m1_5" = "990974441"
"m1_4" = "2043211597"
"m1_7" = "2820037032"
"m1_6" = "942015960"
"m1_1" = "692605188"
"m1_0" = "1431655765"
"m3_68" = "2018964189"
"m3_69" = "3787940424"
"m3_66" = "2877018163"
"m3_67" = "283394990"
"m3_64" = "3667439977"
"m3_65" = "1107894404"
"m3_62" = "230528591"
"m3_63" = "1965949434"
"m3_60" = "1021409189"
"m3_61" = "2756962000"
"m2_220" = "3806843608"
"m2_221" = "1247160366"
"m2_222" = "2982460088"
"m2_223" = "422780889"
"m2_224" = "2158062088"
"m2_225" = "3893359355"
"m2_226" = "1333674508"
"m2_227" = "3068974377"
"m2_228" = "509290547"
"m2_229" = "2244590124"
"m2_149" = "860276791"
"m3_241" = "1609928628"
"m3_229" = "2227881640"
"m3_228" = "525883197"
"m3_225" = "3909911780"
"m3_224" = "2174883145"
"m3_227" = "3085936526"
"m1_141" = "1482584400"
"m3_221" = "1263885104"
"m3_220" = "3823414149"
"m3_223" = "405824986"
"m3_222" = "2965883567"
"m3_258" = "1011818995"
"m3_259" = "2780418414"
"m2_29" = "3078784361"
"m2_28" = "1343503986"
"m2_253" = "941885326"
"m2_25" = "432600617"
"m2_24" = "2992270466"
"m2_27" = "3903184141"
"m2_26" = "2167896592"
"m2_21" = "2081373437"
"m2_20" = "346071270"
"m2_23" = "1256986431"
"m2_22" = "3816666772"
"m3_240" = "4136311833"
"m4_244" = "2504143844"
"m1_209" = "154513840"
"m1_258" = "2888189151"
"m4_220" = "3806839212"
"m4_270" = "377062646"
"m2_169" = "1206361665"
"m2_168" = "3766028227"
"m2_252" = "3501569404"
[HKCU\Software\Stvncyfrlda\168128873]
"-1648771660" = "30"
[HKCU\Software\Stvncyfrlda]
"m2_163" = "3679512769"
"m2_162" = "1944228341"
"m2_161" = "208928859"
"m2_160" = "2768617248"
"m2_167" = "2030741223"
"m2_166" = "295459658"
"m2_165" = "2855127158"
"m2_164" = "1119844508"
"m4_114" = "254647946"
"m4_115" = "1989938679"
"m4_116" = "3725229412"
"m4_117" = "1165552849"
"m4_110" = "1903419606"
"m4_111" = "3638710339"
"m4_112" = "1079033776"
"m4_113" = "2814324509"
"m4_118" = "2900843582"
"m4_119" = "341167019"
"m4_74" = "3857462658"
"m4_75" = "1297786095"
"m4_76" = "3033076828"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m4_70" = "1211267022"
"m4_71" = "2946557755"
"m4_72" = "386881192"
"m4_73" = "2122171925"
"m4_78" = "2208690998"
"m4_79" = "3943981731"
"m4_246" = "1679758014"
"m2_270" = "377065937"
"m4_228" = "509295892"
"m4_189" = "1552434041"
"m4_188" = "4112110604"
"m4_187" = "2376819871"
"m4_186" = "641529138"
"m4_185" = "3201205701"
"m4_184" = "1465914968"
"m4_183" = "4025591531"
"m4_182" = "2290300798"
"m4_181" = "555010065"
"m4_180" = "3114686628"
"m1_213" = "3085980930"
"m1_3" = "553799287"
"m1_2" = "2322242303"
"m4_247" = "3415048747"
"m2_90" = "1557347139"
"m2_91" = "3292629698"
"m2_92" = "732959114"
"m1_68" = "1969928109"
"m1_69" = "7623848"
"m4_237" = "3242010601"
"m2_93" = "2468241613"
"m4_231" = "1420200795"
"m4_230" = "3979877358"
"m4_233" = "595814965"
"m4_232" = "3155491528"
"m1_60" = "3058324726"
"m1_62" = "185503965"
"m1_63" = "3055034906"
"m1_64" = "1713976635"
"m1_65" = "4148594982"
"m1_66" = "3018234535"
"m1_67" = "1682329809"
"m3_179" = "1395950366"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m1_259" = "42701422"
"m2_96" = "3379157030"
"m3_130" = "2266496883"
"m3_171" = "398919654"
"m3_170" = "2924909643"
"m3_173" = "3835831936"
"m2_97" = "819470841"
"m3_175" = "3044884906"
"m3_174" = "1275909695"
"m3_177" = "2186829940"
"m3_176" = "451932377"
"m4_268" = "1201448476"
"m4_249" = "2590662917"
"m4_235" = "4066396431"
"m1_152" = "511124959"
"m2_259" = "2763693709"
"m1_267" = "2118737906"
"m1_266" = "2523103868"
"m1_252" = "2710939155"
"m1_265" = "1163045739"
"m3_22" = "3799972215"
"m3_23" = "1273981154"
"m3_20" = "363060909"
"m3_21" = "2097957336"
"m3_26" = "2150906683"
"m3_27" = "3920013910"
"m3_24" = "3008960529"
"m3_25" = "415992716"
"m1_159" = "3139067661"
"m1_158" = "3306937149"
"m3_28" = "1360479685"
"m3_29" = "3061970288"
"m1_256" = "1771816138"
"m1_257" = "2155941656"
"m1_254" = "1905077835"
"m1_255" = "1583084890"
"m2_268" = "1201451930"
"m1_261" = "1403965823"
"m2_264" = "2850224777"
"m1_253" = "664705388"
"m2_266" = "2025836848"
"m1_260" = "2798526981"
"m2_260" = "204027669"
"m2_261" = "1939311170"
"m2_262" = "3674611250"
"m2_263" = "1114923423"
"m2_76" = "3033071995"
"m2_77" = "473406283"
"m2_74" = "3857460694"
"m2_75" = "1297789211"
"m2_72" = "386875799"
"m2_73" = "2122176396"
"m2_70" = "1211262086"
"m2_71" = "2946563951"
"m2_78" = "2208687796"
"m2_79" = "3943985447"
"m3_57" = "110470508"
"m3_56" = "2703963633"
"m3_55" = "968530498"
"m3_54" = "3494439639"
"m3_53" = "1759411128"
"m3_52" = "57526285"
"m3_51" = "2583910558"
"m3_50" = "848472419"
"m3_59" = "3614491702"
"m3_58" = "1845908635"
"m2_219" = "2071545430"
"m2_218" = "336263342"
"m1_156" = "1533929191"
"m3_214" = "2001882935"
"m3_215" = "3703373474"
"m3_216" = "1143826897"
"m3_217" = "2912885068"
"m3_210" = "3650358595"
"m3_211" = "1090960638"
"m3_212" = "2792828013"
"m3_213" = "266461080"
"m4_267" = "3761125039"
"m3_218" = "352946427"
"m3_219" = "2054830102"
"m2_127" = "1338594359"
"m4_149" = "860281457"
"m4_148" = "3419958020"
"m3_226" = "1316828179"
"m2_126" = "3898265228"
"m4_143" = "3333438947"
"m4_142" = "1598148214"
"m4_141" = "4157824777"
"m4_140" = "2422534044"
"m4_147" = "1684667287"
"m4_146" = "4244343850"
"m4_145" = "2509053117"
"m4_144" = "773762384"
"m4_38" = "1516538414"
"m4_39" = "3251829147"
"m2_125" = "2162978893"
"m2_124" = "427682167"
"m2_123" = "2987367843"
"m2_122" = "1252066758"
"m2_121" = "3811750321"
"m2_120" = "2076451886"
"m4_30" = "519114438"
"m4_31" = "2254405171"
"m4_32" = "3989695904"
"m4_33" = "1430019341"
"m4_34" = "3165310074"
"m4_35" = "605633511"
"m4_36" = "2340924244"
"m4_37" = "4076214977"
"m2_192" = "2463334916"
"m2_193" = "4198637213"
"m2_190" = "3287721999"
"m2_191" = "728053808"
"m2_196" = "814569214"
"m2_197" = "2549852057"
"m2_194" = "1638946128"
"m2_195" = "3374249723"
[HKCU\Software\Stvncyfrlda\168128873]
"-824385830" = "0"
[HKCU\Software\Stvncyfrlda]
"m2_198" = "4285151764"
"m2_199" = "1725468911"
"m4_269" = "2936739209"
"m1_11" = "31487998"
"m1_10" = "3127516927"
"m1_13" = "3959391552"
"m1_12" = "1954038609"
"m1_15" = "481741629"
"m1_14" = "628379951"
"m1_17" = "3003209313"
"m1_16" = "2981283468"
"m1_19" = "1354185793"
"m1_18" = "857169174"
"m3_184" = "1449360497"
"m4_206" = "987605430"
"m1_263" = "656935493"
"m3_135" = "2319427666"
"m3_134" = "583874855"
"m3_137" = "1528482684"
"m3_136" = "4087897025"
"m4_89" = "4117019877"
"m4_88" = "2381729144"
"m3_133" = "3176958344"
"m3_132" = "1441930781"
"m4_85" = "1470824241"
"m4_84" = "4030500804"
"m4_87" = "646438411"
"m4_86" = "3206114974"
"m4_81" = "3119595901"
"m4_80" = "1384305168"
"m4_83" = "2295210071"
"m4_82" = "559919338"
"m3_250" = "14400091"
"m2_269" = "2936735634"
"m2_129" = "514207751"
"m3_251" = "1749308918"
"m2_128" = "3073876868"
"m3_252" = "3518416229"
"m3_268" = "1184877621"
"m1_86" = "2649054191"
"m1_87" = "1925033915"
"m1_84" = "3128572172"
"m1_85" = "3969956330"
"m1_82" = "1814322384"
"m1_83" = "1448494473"
"m1_80" = "1214350173"
"m1_81" = "2229866676"
"m3_254" = "2660361231"
"m1_180" = "988587620"
"m1_88" = "956473009"
"m1_89" = "4124865492"
"m3_198" = "4268311655"
"m1_229" = "3352744445"
"m1_228" = "1294492125"
"m3_256" = "1869350697"
"m3_186" = "658480923"
"m3_257" = "3571365444"
"m3_140" = "2439480757"
"m3_141" = "4140840224"
"m3_142" = "1581425759"
"m3_143" = "3350419402"
"m1_119" = "765342999"
"m1_118" = "248882171"
"m3_146" = "4260947459"
"m3_147" = "1701482942"
"m1_115" = "938637217"
"m1_114" = "4216106464"
"m1_117" = "3464095184"
"m1_116" = "975394621"
"m1_111" = "3632489257"
"m1_110" = "1588378220"
"m1_113" = "786271069"
"m1_112" = "1751031529"
"m1_168" = "3866556980"
"m1_169" = "2466883207"
"m1_220" = "542909206"
"m4_219" = "2071548479"
"m1_160" = "2637230312"
"m1_161" = "2733520179"
"m1_162" = "2720784713"
"m1_163" = "2557426206"
"m1_164" = "1214616975"
"m1_165" = "3299963440"
"m1_166" = "3679501328"
"m1_167" = "2878354766"
"m3_80" = "1401010233"
"m3_81" = "3102878548"
"m3_82" = "542956227"
"m3_83" = "2311932542"
"m3_84" = "4047496685"
"m3_85" = "1453954328"
"m3_86" = "3189376183"
"m3_87" = "663008290"
"m3_88" = "2364876625"
"m3_89" = "4100445900"
"m4_215" = "3720320139"
"m4_214" = "1985029406"
"m4_225" = "3893358285"
"m4_194" = "1638953114"
"m1_201" = "1517823662"
"m1_200" = "1611116407"
"m3_19" = "2888904510"
"m3_18" = "1153482627"
"m1_205" = "1297626444"
"m1_204" = "3109505289"
"m1_207" = "2331395230"
"m1_206" = "1297522905"
"m3_13" = "1100530336"
"m3_12" = "3626914613"
"m3_11" = "1891476358"
"m3_10" = "190001259"
"m3_17" = "3746958356"
"m3_16" = "2011536633"
"m3_15" = "243002698"
"m3_14" = "2835971551"
"m2_233" = "595818817"
"m2_232" = "3155484418"
"m2_231" = "1420205099"
"m2_230" = "3979873473"
"m2_237" = "3242016619"
"m2_236" = "1506714440"
"m2_235" = "4066400181"
"m2_234" = "2331102520"
"m2_239" = "2417627471"
"m2_238" = "682331289"
"m2_49" = "3424863984"
"m2_48" = "1689567674"
"m2_47" = "4249249463"
"m2_46" = "2513965233"
"m2_45" = "778669791"
"m2_44" = "3338351236"
"m2_43" = "1603053585"
"m2_42" = "4162736658"
"m2_41" = "2427438881"
"m2_40" = "692154396"
"m2_38" = "1516540042"
"m2_39" = "3251823525"
"m2_32" = "3989700179"
"m2_33" = "1430014817"
"m2_30" = "519121676"
"m2_31" = "2254399646"
"m2_36" = "2340928256"
"m2_37" = "4076210421"
"m2_34" = "3165312108"
"m2_35" = "605629671"
"m2_247" = "3415055350"
[HKCU\Software\Stvncyfrlda\168128873]
"910904903" = "0"
[HKCU\Software\Stvncyfrlda]
"m4_240" = "4152915504"
"m2_158" = "3593001358"
"m2_159" = "1033318228"
"m2_156" = "122417395"
"m2_157" = "1857700181"
"m2_154" = "946803494"
"m2_155" = "2682087236"
"m2_152" = "1771189746"
"m2_153" = "3506474120"
"m2_150" = "2595575218"
"m2_151" = "35891775"
"m4_107" = "992514703"
"m4_106" = "3552191266"
"m4_105" = "1816900533"
"m4_104" = "81609800"
"m4_103" = "2641286363"
"m4_102" = "905995630"
"m4_101" = "3465672193"
"m4_100" = "1730381460"
"m3_131" = "3967839982"
"m4_242" = "3328529674"
"m4_109" = "168128873"
"m4_108" = "2727805436"
"m4_41" = "2427443317"
"m4_40" = "692152584"
"m4_43" = "1603057487"
"m4_42" = "4162734050"
"m4_45" = "778671657"
"m4_44" = "3338348220"
"m4_47" = "4249253123"
"m4_46" = "2513962390"
"m4_49" = "3424867293"
"m4_48" = "1689576560"
"m3_100" = "1713433789"
"m1_264" = "4076257590"
"m3_245" = "4256418168"
"m3_139" = "703982086"
"m3_138" = "3230366443"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"GlobalUserOffline" = "0"
[HKCU\Software\Stvncyfrlda]
"m4_250" = "30986354"
"m4_266" = "2025834306"
"m1_55" = "869080572"
"m1_54" = "936325280"
"m1_57" = "2127420660"
"m1_56" = "2209700707"
"m1_51" = "2330347000"
"m1_50" = "2958820596"
"m1_53" = "1723007679"
"m1_52" = "2581220447"
"m1_59" = "1154213488"
"m1_58" = "4066474636"
"m2_241" = "1593245513"
"m3_108" = "2744413141"
"m3_109" = "184949568"
"m3_104" = "98446945"
"m3_105" = "1833490844"
"m3_106" = "3535358219"
"m3_107" = "975960230"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"FirewallDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m3_101" = "3482491944"
"m3_102" = "922947399"
"m3_103" = "2624438002"
"m2_83" = "2295218147"
"m4_77" = "473400265"
"m4_264" = "2850220136"
"m2_248" = "855369684"
"m2_249" = "2590667948"
"m3_260" = "220872861"
"m4_234" = "2331105698"
"m1_124" = "2434404267"
"m1_125" = "1308835936"
"m1_126" = "1950560213"
"m1_127" = "2787039010"
"m1_120" = "3348298643"
"m1_121" = "3754038516"
"m1_122" = "665180793"
"m1_123" = "3625339348"
"m1_245" = "3337769965"
"m1_244" = "269030490"
"m1_247" = "2037635473"
"m1_246" = "2177488653"
"m1_128" = "934007257"
"m1_129" = "1187006103"
"m1_243" = "2065490465"
"m1_242" = "2179606710"
"m1_238" = "3303576611"
"m1_239" = "86146966"
"m3_248" = "871930801"
"m3_187" = "2359824054"
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = "0"
[HKCU\Software\Stvncyfrlda]
"m1_230" = "1918301372"
"m1_231" = "3367257706"
"m1_232" = "1732597522"
"m1_233" = "3151509020"
"m1_234" = "202707996"
"m1_235" = "3746887364"
"m1_236" = "1677024296"
"m1_237" = "4231584599"
"m3_269" = "2919792544"
"m4_262" = "3674605966"
"m3_243" = "751873630"
"m3_44" = "3354938517"
"m3_45" = "795540480"
"m3_46" = "2497408959"
"m3_47" = "4232388394"
"m3_40" = "675414817"
"m3_41" = "2444014172"
"m3_42" = "4179439051"
"m3_43" = "1586486630"
"m3_48" = "1706528345"
"m3_49" = "3441441268"
"m4_263" = "1114929403"
"m3_144" = "790480761"
"m3_239" = "2434362602"
"m2_186" = "641523802"
"m3_207" = "2739893002"
"m3_206" = "1004454815"
"m3_205" = "3530313824"
"m3_204" = "1828954357"
"m3_203" = "93401414"
"m3_202" = "2619377195"
"m3_201" = "884348604"
"m3_200" = "3477366529"
"m3_145" = "2492364436"
"m3_209" = "1881906644"
"m3_208" = "146399929"
"m4_178" = "3939072458"
"m4_179" = "1379395895"
"m4_176" = "468490992"
"m4_177" = "2203781725"
"m4_174" = "1292876822"
"m4_175" = "3028167555"
"m4_172" = "2117262652"
"m4_173" = "3852553385"
"m4_170" = "2941648482"
"m4_171" = "381971919"
"m4_261" = "1939315233"
"m2_118" = "2900836589"
"m2_119" = "341171289"
"m2_112" = "1079030500"
"m2_113" = "2814328779"
"m2_110" = "1903427405"
"m2_111" = "3638708175"
"m2_116" = "3725225075"
"m2_117" = "1165554821"
"m2_114" = "254643117"
"m2_115" = "1989941830"
"m2_185" = "3201212431"
"m2_184" = "1465912220"
"m2_187" = "2376826155"
"m4_153" = "3506477093"
"m2_181" = "555012441"
"m2_180" = "3114680852"
"m2_183" = "4025594604"
"m2_182" = "2290295438"
"m2_189" = "1552443059"
"m2_188" = "4112120314"
"m2_258" = "1028412110"
"m3_180" = "3097834125"
"m1_153" = "1216358047"
"m4_253" = "941891257"
"m4_98" = "2554767290"
"m4_99" = "4290058023"
"m4_252" = "3501567820"
"m4_92" = "732957484"
"m4_93" = "2468248217"
"m4_90" = "1557343314"
"m4_91" = "3292634047"
"m4_96" = "3379153120"
"m4_97" = "819476557"
"m4_94" = "4203538950"
"m4_95" = "1643862387"
"m3_242" = "3345366819"
"m2_137" = "1511633715"
"m1_249" = "189410392"
"m1_248" = "3946419377"
"m4_255" = "117505427"
"m4_254" = "2677181990"
"m3_262" = "3657786279"
[HKLM\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m4_259" = "2763701063"
"m4_258" = "1028410330"
"m2_138" = "3246918244"
"m2_139" = "687249089"
"m3_153" = "3489919500"
"m3_152" = "1754350225"
"m3_151" = "52482914"
"m3_150" = "2612405239"
"m3_157" = "1874411504"
"m3_156" = "105417797"
"m3_155" = "2665356502"
"m3_154" = "963407291"
"m4_217" = "2895934309"
"m4_216" = "1160643576"
"m3_159" = "1016356506"
"m3_158" = "3609964399"
"m4_213" = "249738673"
"m4_212" = "2809415236"
"m4_211" = "1074124503"
"m4_210" = "3633801066"
"m1_179" = "3682729808"
"m1_178" = "3508023924"
"m4_260" = "204024500"
"m1_173" = "2203286492"
"m1_172" = "3016441855"
"m1_171" = "3472548734"
"m1_170" = "2304107742"
"m1_177" = "3409859444"
"m1_176" = "632772987"
"m1_175" = "1551260976"
"m1_174" = "2971589183"
"m1_9" = "151879564"
"m4_245" = "4239434577"
"m4_218" = "336257746"
"m3_181" = "538419768"
"m1_270" = "1473145152"
"m1_262" = "2783467715"
"m1_8" = "3256253133"
"m2_211" = "1074122680"
"m3_265" = "273825276"
"m2_108" = "2727810816"
"m2_206" = "987604018"
"m2_207" = "2722892971"
"m2_204" = "1811994952"
"m2_205" = "3547278789"
"m2_202" = "2636381896"
"m2_203" = "76695899"
"m2_200" = "3460765843"
"m2_201" = "901080491"
"m4_207" = "2722896163"
"m2_208" = "163222056"
"m2_209" = "1898508089"
"m3_148" = "3403350317"
"m4_236" = "1506719868"
"m2_58" = "1862610710"
"m2_59" = "3597909434"
"m3_149" = "843427928"
"m2_54" = "3511393050"
"m2_55" = "951706087"
"m2_56" = "2686992738"
"m2_57" = "127325810"
"m2_50" = "865194941"
"m2_51" = "2600479459"
"m2_52" = "40811178"
"m2_53" = "1776091217"
"m3_197" = "2532889800"
"m2_106" = "3552184040"
"m3_196" = "831399261"
"m4_200" = "3460762920"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\~nsu.tmp\Au_.exe,"
[HKCU\Software\Stvncyfrlda]
"m3_195" = "3357379118"
"m3_270" = "393932511"
"m3_194" = "1622350515"
"m4_202" = "2636377090"
"m1_61" = "27768135"
"m3_193" = "4215368452"
"m4_203" = "76700527"
"m3_192" = "2479946729"
"m3_191" = "711346298"
"m1_218" = "4168726684"
"m4_239" = "2417624771"
"m3_190" = "3270891727"
"m4_238" = "682334038"
"m4_138" = "3246919874"
"m4_139" = "687243311"
"m4_132" = "1425110068"
"m4_133" = "3160400801"
"m4_130" = "2249495898"
"m4_131" = "3984786631"
"m4_136" = "4071305704"
"m4_137" = "1511629141"
"m4_134" = "600724238"
"m4_135" = "2336014971"
"m1_219" = "1025839978"
"m3_178" = "3955889123"
"m2_136" = "4071303221"
"m1_196" = "1271837221"
"m2_141" = "4157820224"
"m2_140" = "2422534894"
"m2_143" = "3333435351"
"m2_142" = "1598150006"
"m2_145" = "2509048020"
"m2_144" = "773753864"
"m4_58" = "1862614706"
"m4_59" = "3597905439"
"m4_56" = "2687000536"
"m4_57" = "127323973"
"m4_54" = "3511386366"
"m4_55" = "951709803"
"m4_52" = "40804900"
"m4_53" = "1776095633"
"m4_50" = "865190730"
"m4_51" = "2600481463"
"m3_172" = "2133964565"
"m2_255" = "117501710"
"m1_37" = "3754015242"
"m1_36" = "3274605069"
"m1_35" = "2161529661"
"m1_34" = "1003101363"
"m1_33" = "1943819026"
"m1_32" = "2731709687"
"m1_31" = "790639245"
"m1_30" = "1973672093"
"m3_188" = "4095393317"
"m3_189" = "1569401168"
"m1_39" = "571943250"
"m1_38" = "3655391382"
"m1_42" = "557879107"
"m1_43" = "2474203956"
"m1_40" = "739755721"
"m1_41" = "2015799742"
"m1_46" = "796432676"
"m1_47" = "3896583602"
"m1_44" = "1149988469"
"m1_45" = "3272971938"
"m1_48" = "1130703054"
"m1_49" = "3113898838"
"m3_119" = "357998978"
"m3_118" = "2917414423"
"m3_117" = "1148946168"
"m3_116" = "3741914957"
"m3_115" = "2006935518"
"m3_114" = "237958307"
"m3_113" = "2797356340"
"m3_112" = "1096013209"
"m3_111" = "3655416426"
"m3_110" = "1886423807"
"m1_193" = "846742759"
"m2_95" = "1643859302"
"m1_192" = "1193827454"
"m4_243" = "768853111"
"m1_137" = "651356643"
"m1_136" = "3325896790"
"m1_135" = "4127936274"
"m1_134" = "2893685075"
"m1_133" = "3534992108"
"m1_132" = "2976761342"
"m1_131" = "2275606011"
"m1_130" = "3550298598"
"m1_212" = "364212077"
"m1_240" = "793286221"
"m1_139" = "3300257368"
"m1_138" = "3329493689"
"m1_182" = "3787731908"
"m1_183" = "4252941347"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"UacDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m1_181" = "1678295257"
"m1_186" = "3500999790"
"m1_187" = "3863239586"
"m1_184" = "1799500854"
"m1_185" = "83791732"
"m1_223" = "2927256487"
"m1_222" = "2324290618"
"m1_188" = "1432864434"
"m1_189" = "976618703"
"m1_227" = "3519889614"
"m1_226" = "2106103114"
"m1_225" = "2601513910"
"m1_224" = "2044955100"
"m2_10" = "173032746"
"m2_11" = "1908331499"
"m2_12" = "3643615808"
"m2_13" = "1083945517"
"m2_14" = "2819228168"
"m2_15" = "259556002"
"m2_16" = "1994846993"
"m2_17" = "3730138108"
"m2_18" = "1170458986"
"m2_19" = "2905758723"
"m1_208" = "3214485393"
"m3_71" = "2929954066"
"m3_70" = "1227955687"
"m3_73" = "2139008060"
"m3_72" = "369900673"
"m3_75" = "1280954054"
"m3_74" = "3840892843"
"m3_77" = "490007008"
"m3_76" = "3049946741"
"m3_79" = "3927378058"
"m3_78" = "2191956255"
"m2_242" = "3328524302"
"m2_243" = "768859593"
"m2_89" = "4117013649"
"m2_88" = "2381731014"
"m2_246" = "1679754166"
"m2_240" = "4152913213"
"m2_244" = "2504139453"
"m2_245" = "4239438788"
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = "1"
[HKCU\Software\Stvncyfrlda]
"m2_82" = "559916891"
"m2_81" = "3119600977"
"m2_80" = "1384301287"
"m2_87" = "646433310"
"m2_86" = "3206115838"
"m2_85" = "1470817537"
"m2_84" = "4030504192"
[HKLM\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = "1"
[HKCU\Software\Stvncyfrlda]
"m4_257" = "3588086893"
"m1_98" = "2437606373"
"m2_256" = "1852800850"
"m3_238" = "698940799"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"
[HKCU\Software\Stvncyfrlda]
"m3_232" = "3172438241"
"m3_233" = "578813980"
"m3_230" = "3963318727"
"m2_109" = "168126038"
"m3_236" = "1489883733"
"m3_237" = "3225308608"
"m3_234" = "2347938699"
"m3_235" = "4083360550"
"m4_256" = "1852796160"
"m1_203" = "3615171295"
"m4_265" = "290543573"
"m4_12" = "3643619612"
"m4_13" = "1083943049"
"m4_10" = "173038146"
"m4_11" = "1908328879"
"m4_16" = "1994847952"
"m4_17" = "3730138685"
"m4_14" = "2819233782"
"m4_15" = "259557219"
"m2_105" = "1816896086"
"m2_104" = "81613218"
"m4_18" = "1170462122"
"m4_19" = "2905752855"
"m2_101" = "3465667997"
"m2_100" = "1730386994"
"m2_103" = "2641283973"
"m2_102" = "906000462"
"m2_178" = "3939066030"
"m2_179" = "1379397632"
"m3_264" = "2833351233"
"m2_170" = "2941643589"
"m2_171" = "381973751"
"m2_172" = "2117257300"
"m2_173" = "3852554397"
"m2_174" = "1292872282"
"m2_175" = "3028172452"
"m2_176" = "468484980"
"m2_177" = "2203783765"
"m4_161" = "208933773"
"m4_160" = "2768610336"
"m4_163" = "3679515239"
"m4_162" = "1944224506"
"m4_165" = "2855129409"
"m4_164" = "1119838676"
"m4_167" = "2030743579"
"m4_166" = "295452846"
"m4_169" = "1206357749"
"m4_168" = "3766034312"
[HKCU\Software\Stvncyfrlda\168128873]
"1821809806" = "0200687474703A2F2F7061647275702E636F6D2E64732F736F62616B61312E67696600687474703A2F2F34362E3130352E3130332E3231392F736F62616B61766F6C6F732E676966"
[HKCU\Software\Stvncyfrlda]
"m4_248" = "855372184"
"m4_67" = "300362119"
"m4_66" = "2860038682"
"m4_65" = "1124747949"
"m4_64" = "3684424512"
"m4_63" = "1949133779"
"m4_62" = "213843046"
"m4_61" = "2773519609"
"m4_60" = "1038228876"
"m4_69" = "3770943585"
"m4_68" = "2035652852"
"m4_198" = "4285148750"
"m4_199" = "1725472187"
"m1_157" = "2239822097"
"m4_195" = "3374243847"
"m4_196" = "814567284"
"m4_197" = "2549858017"
"m4_190" = "3287724774"
"m4_191" = "728048211"
"m4_192" = "2463338944"
"m4_193" = "4198629677"
Adds a rule to the firewall Windows which allows any network activity:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\c:]
"%original file name%.exe" = "c:\%original file name%.exe:*:Enabled:ipsec"
Firewall notifications are disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = "1"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = "1"
A firewall is disabled:
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = "0"
Antivirus notifications are disabled:
[HKLM\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = "1"
Network activity (URLs)
No activity has been detected.
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Virus's file once a user opens a drive's folder in Windows Explorer.
Removals
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1124
- Delete the original Virus file.
- Delete or disinfect the following files created/modified by the Virus:
%Documents and Settings%\%current user%\Local Settings\Temp\cyelgy.exe (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\gcld.exe (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000A4739_rar\Au_.exe (2105 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winlxyp.exe (849 bytes)
\\XP1\PIPE\srvsvc (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winnblum.exe (15019 bytes)
%Program Files%\Adobe\Reader 9.0\Reader\Reader_sl.exe (624 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winmuob.exe (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsr4.tmp (1568 bytes)
\\XP7\PIPE\srvsvc (72 bytes)
%System%\drivers\qjohs.sys (5 bytes)
%Program Files%\Common Files\Java\Java Update\jusched.exe (856 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\thhps.exe (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\winupkqv.exe (1 bytes)
\\XP4\PIPE\srvsvc (72 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsk2.tmp (1568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\~nsu.tmp\Au_.exe (2105 bytes)
%WinDir%\system.ini (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\wincrmo.exe (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\000A3651_rar\%original file name%.exe (2105 bytes) - Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
- Reboot the computer.